Opened 7 months ago

Closed 7 months ago

#14445 closed enhancement (fixed)

openjpeg-2.4.0

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Douglas R. Reno, 7 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 7 months ago

v2.4.0 (2020-12-28)

Full Changelog

Closed issues:

    OPENJPEG_INSTALL_DOC_DIR does not control a destination directory where HTML docs would be installed. #1309
    Heap-buffer-overflow in lib/openjp2/pi.c:312 #1302
    Heap-buffer-overflow in lib/openjp2/t2.c:973 #1299
    Heap-buffer-overflow in lib/openjp2/pi.c:623 #1293
    Global-buffer-overflow in lib/openjp2/dwt.c:1980 #1286
    Heap-buffer-overflow in lib/openjp2/tcd.c:2417 #1284
    Heap-buffer-overflow in lib/openjp2/mqc.c:499 #1283
    Openjpeg could not encode 32bit RGB float image #1281
    Openjpeg could not encode 32bit RGB float image #1280
    ISO/IEC 15444-1:2019 (E) compared with 'cio.h' #1277
    Test-suite failure due to hash mismatch #1264
    Heap use-after-free #1261
    Memory leak when failing to allocate object... #1259
    Memory leak of Tier 1 handle when OpenJPEG fails to set it as TLS... #1257
    Any plan to build release for CVE-2020-8112/CVE-2020-6851 #1247
    failing to convert 16-bit file: opj_t2_encode_packet(): only 5251 bytes remaining in output buffer. 5621 needed. #1243
    CMake+VS2017 Compile OK, thirdparty Compile OK, but thirdparty not install #1239
    New release to solve CVE-2019-6988 ? #1238
    Many tests fail to pass after the update of libtiff to version 4.1.0 #1233
    Another heap buffer overflow in libopenjp2 #1231
    Heap buffer overflow in libopenjp2 #1228
    Endianness of binary volume (JP3D) #1224
    New release to resolve CVE-2019-12973 #1222
    how to set the block size,like 128,256 ? #1216
    compress YUV files to motion jpeg2000 standard #1213
    Repair/update Java wrapper, and include in release #1208
    abc #1206
    Slow decoding #1202
    Installation question #1201
    Typo in test_decode_area - *ptilew is assigned instead of *ptileh #1195
    Creating a J2K file with one POC is broken #1191
    Make fails on Arch Linux #1174
    Heap buffer overflow in opj_t1_clbl_decode_processor() triggered with Ghostscript #1158
    opj_stream_get_number_byte_left: Assertion `p_stream->m_byte_offset >= 0' failed. #1151
    The fuzzer ignores too many inputs #1079
    out of bounds read #1068

Merged pull requests:

    Change defined WIN32 #1310 (Jamaika1)
    docs: fix simple typo, producted -> produced #1308 (timgates42)
    Set ${OPENJPEG_INSTALL_DOC_DIR} to DESTINATION of HTMLs #1307 (lemniscati)
    Use INC_DIR for OPENJPEG_INCLUDE_DIRS (fixes uclouvain#1174) #1306 (matthew-sharp)
    pi.c: avoid out of bounds access with POC (fixes #1302) #1304 (rouault)
    Encoder: grow again buffer size #1303 (zodf0055980)
    opj_j2k_write_sod(): avoid potential heap buffer overflow (fixes #1299) (probably master only) #1301 (rouault)
    pi.c: avoid out of bounds access with POC (refs https://github.com/uclouvain/openjpeg/issues/1293\#issuecomment-737122836\) #1300 (rouault)
    opj_t2_encode_packet(): avoid out of bound access of #1297, but likely not the proper fix #1298 (rouault)
    opj_t2_encode_packet(): avoid out of bound access of #1294, but likely not the proper fix #1296 (rouault)
    opj_j2k_setup_encoder(): validate POC compno0 and compno1 (fixes #1293) #1295 (rouault)
    Encoder: avoid global buffer overflow on irreversible conversion when… #1292 (rouault)
    Decoding: deal with some SPOT6 images that have tiles with a single tile-part with TPsot == 0 and TNsot == 0, and with missing EOC #1291 (rouault)
    Free p_tcd_marker_info to avoid memory leak #1288 (zodf0055980)
    Encoder: grow again buffer size #1287 (zodf0055980)
    Encoder: avoid uint32 overflow when allocating memory for codestream buffer (fixes #1243) #1276 (rouault)
    Java compatibility from 1.5 to 1.6 #1263 (jiapei100)
    opj_decompress: fix double-free on input directory with mix of valid and invalid images #1262 (rouault)
    openjp2: Plug image leak when failing to allocate codestream index. #1260 (sebras)
    openjp2: Plug memory leak when setting data as TLS fails. #1258 (sebras)
    openjp2: Error out if failing to create Tier 1 handle. #1256 (sebras)
    Testing for invalid values of width, height, numcomps #1254 (szukw000)
    Single-threaded performance improvements in forward DWT for 5-3 and 9-7 (and other improvements) #1253 (rouault)
    Add support for multithreading in encoder #1248 (rouault)
    Add support for generation of PLT markers in encoder #1246 (rouault)
    Fix warnings about signed/unsigned casts in pi.c #1244 (rouault)
    opj_decompress: add sanity checks to avoid segfault in case of decoding error #1240 (rouault)
    ignore wrong icc #1236 (szukw000)
    Implement writing of IMF profiles #1235 (rouault)
    tests: add alternate checksums for libtiff 4.1 #1234 (rouault)
    opj_tcd_init_tile(): avoid integer overflow #1232 (rouault)
    tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. #1230 (Dor1s)
    opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228) #1229 (rouault)
    Fix resource leaks #1226 (dodys)
    abi-check.sh: fix false postive ABI error, and display output error log #1218 (rouault)
    pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets() #1217 (rouault)
    Add check to validate SGcod/SPcoc/SPcod parameter values. #1211 (sebras)
    Fix buffer overflow reading an image file less than four characters #1196 (robert-ancell)
    compression: emit POC marker when only one single POC is requested (f… #1192 (rouault)
    Fix several potential vulnerabilities #1185 (Young-X)
    openjp2/j2k: Report error if all wanted components are not decoded. #1164 (sebras)

Contains over a dozen security fixes

comment:3 by Douglas R. Reno, 7 months ago

Priority: normalhigh

comment:4 by Douglas R. Reno, 7 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r24032

Note: See TracTickets for help on using tickets.